PT-2019-11339 · Cloudbees · Jenkins

Published: 2019-04-10 · Updated: 2023-10-25 · CVE-2019-1003049

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Jenkins versions prior to 2.150.2
Jenkins versions prior to 2.160
Jenkins versions 2.171 and earlier
Jenkins LTS versions 2.164.1 and earlier
Oracle Communications Cloud Native Core Automated Test Suite (affected versions not specified)
Red Hat OpenShift Container Platform (affected versions not specified)

Description: The issue allows users who cached their CLI authentication before Jenkins was updated to remain authenticated in certain versions of Jenkins, because the fix in those releases did not reject existing remoting-based CLI authentication caches.

Recommendations:
For Jenkins versions prior to 2.150.2, update to version 2.150.2 or newer.
For Jenkins versions prior to 2.160, update to version 2.160 or newer.
For Jenkins versions 2.171 and earlier, update to a version newer than 2.171.
For Jenkins LTS versions 2.164.1 and earlier, update to a version newer than 2.164.1.
For Oracle Communications Cloud Native Core Automated Test Suite and Red Hat OpenShift Container Platform, at the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2019-1003049
GHSA-742J-JCFR-23W3

Affected Products

Jenkins
Oracle Communications Cloud Native Core Automated Test Suite
Red Hat OpenShift Container Platform